formbook

General

Target

7885d083cda2b5be4bfd33eaf138a9df
Size

806KB
Sample

240126-15bdyafdd7
MD5

7885d083cda2b5be4bfd33eaf138a9df
SHA1

e8a131256dcc6b616203e43d54f561016e31c5b2
SHA256

e8815d23a30784440c043d16e0b62dfd5107c68f7139075b947575fee940a651
SHA512

91fe35e58039214914eb30fd233261844fff46e39764cafdfa47a8dc17980cb5219d56c4c4c1d9b8bfcd83c7271f496c3c36443224a6ede89f85bc9668c33f08
SSDEEP

12288:RSuXry7iS/d348plpPVTfaropWnLOciYbJiH6fRMxrYxDERYvXNt:Rtr9S/d3PVaoKZiY2IemJEoNt

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

fndy

Decoy

nerorog.com

gsdyqf.com

spyxcase.com

wassyoiseikatsu.net

binarytotext.online

conflictdynamicsprofile.com

forepast.com

raleighproduction.com

icqbet.net

applesgravity.com

lasmargsdenver.com

wordspanpublishing.com

sozialmediamarekting.com

sanaulahmalik.com

trufflesales.com

rajakreditmobil.com

remoteandfreelance.com

sunny-since-we-met.net

heloisecommunication.com

theatreimagination.com

Targets

- Target
  
  7885d083cda2b5be4bfd33eaf138a9df
- Size
  
  806KB
- MD5
  
  7885d083cda2b5be4bfd33eaf138a9df
- SHA1
  
  e8a131256dcc6b616203e43d54f561016e31c5b2
- SHA256
  
  e8815d23a30784440c043d16e0b62dfd5107c68f7139075b947575fee940a651
- SHA512
  
  91fe35e58039214914eb30fd233261844fff46e39764cafdfa47a8dc17980cb5219d56c4c4c1d9b8bfcd83c7271f496c3c36443224a6ede89f85bc9668c33f08
- SSDEEP
  
  12288:RSuXry7iS/d348plpPVTfaropWnLOciYbJiH6fRMxrYxDERYvXNt:Rtr9S/d3PVaoKZiY2IemJEoNt
Score

10^/10

formbook fndy rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

CustAttr .NET packer

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2